PHYSICAL AND MENTAL REQUIREMENTS, WORKING CONDITIONS

• Learn new tasks, remember processes, maintain focus, complete tasks independently, make timely decisions in the context of a workflow, ability to communicate with others, ability to complete tasks in situations that have a speed or productivity quota.
• Predominantly operates in an office environment. Some periods of time may be spent in computer room and communications equipment spaces for installation, testing, and troubleshooting. Some work (less than 5%) requires moving and lifting of heavy networking equipment. This position requires close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.
• This is an essential position supporting clinical laboratory operations requiring attendance on weekends, holidays, and during emergency conditions, such as inclement weather and power failure.
• This position requires the ability to identify and resolve quality issues.
• This position is a full-time, in-person position in Boulder, CO.

ABOUT THE ROLE

The Information Systems Security Manager (ISSM) leads the information security strategy and operations within in our highly regulated life sciences environment. Reporting to the Head of Information technology, this role is critical in safeguarding sensitive data, intellectual property, and clinical information while ensuring compliance with global regulatory standards.

WHAT YOU WILL DO

• Development and Governance of Security Policies and Procedures including audit readiness.
• Formulate and enforce security policies to protect corporate data and IT infrastructure.
• Ensure compliance with industry standards and regulations including ISO 13485, CAP, CLIA, ISO 27001 audits.
• Regularly update security protocols to address emerging threats.
• Lead the development and execution of the organization’s information security program.
• Ensure compliance with regulatory frameworks such as HIPAA, FDA Cybersecurity Guidance on Medical Devices, and EU MDR.
• Perform GRC functions to meet complex compliance requirements.
• Oversee risk assessments, incident response, and vulnerability management across enterprise IT, Research and Development, and laboratory operations.
• Manage and enhance security monitoring, detection, and response systems (e.g., SIEM, endpoint security).
• Drive vendor risk management and ensure third-party partners meet security requirements.
• Conduct regular risk assessments to identify vulnerabilities within the IT environment.
• Creation of SOPs related to security operations.
• Implement risk mitigation strategies and continuously monitor their effectiveness.
• Educate employees and promote a culture of security awareness across the organization.
• Perform periodic internal security assessment activities.
• Develop and manage an incident response plan to address security breaches promptly.
• Coordinate with IT and other departments to resolve security issues and minimize impact.
• Conduct post-incident analysis to improve future responses.
• Report on security posture, risks, and incidents to leadership and regulatory auditors.
• Support business continuity and disaster recovery planning.
• Technical Proficiency: In-depth knowledge of cybersecurity principles, tools, and technologies.
• Leadership: Ability to lead and inspire a team of cybersecurity professionals.
• Strategic Planning: Capability to develop and execute long-term security strategies.
• Adaptability: Flexibility to adapt to the rapidly changing cybersecurity landscape.
• Attention to Detail: Keen eye for identifying vulnerabilities and ensuring thorough risk management.
• Lead security related projects and deliverables for security as well as external department projects.
• Develop, oversee and/or participate in organization wide BC, DR, and BR requirements.